EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
EASM
Common mistakes
Hacker perspective

GET /EASM HTTP/2
What exactly is EASM?
What does it cover?
Why is it important?

GET /common_mistakes HTTP/2
Lack of Change Management
Not respecting Least Privilege
Misconfigured WAFs
Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and